Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Category Archives: E-Commerce

First FTC Health Breach Notification Rule case addresses GoodRx’s not-so-good privacy practices

FTC: “The company name may be GoodRx, but it’s unlikely that “good” is the adjective consumers would use to describe the way the company violated its privacy promises by disclosing their personal health information to companies like Facebook and Google without authorization. How did GoodRx accomplish that? By using automatic “plug and play” tracking pixels and software development kits (SDKs) from Facebook, Google, and other companies that are designed to grab a substantial amount of consumer data and turn it over for advertising purposes. In the case of GoodRx, this included consumers’ personal and health information. To settle the FTC’s first action alleging a violation of the Health Breach Notification Rule, GoodRx will pay a $1.5 million civil penalty. But there’s another first-of-its-kind provision in the proposed settlement sure to generate water cooler talk among app developers, privacy professionals, and others in the burgeoning health technology industry. Read on for details. GoodRx runs a digital health platform where consumers can compare prescription drug prices and get prescription drug coupons. It also offers a paid monthly subscription service, GoodRx Gold, which claims to offer greater discounts and virtual telehealth visits through a product called GoodRx Care. GoodRx collects a substantial amount of personal data – including highly sensitive health information – from consumers and from pharmacy benefit managers, which are companies that manage prescription drug benefits, confirming when someone uses a GoodRx coupon to get a prescription. Although the specific language has changed over the years, GoodRx has made numerous privacy promises to consumers. For example, in describing its use of third-party tracking tools, GoodRx assured people, “[W]e never provide advertisers or any other third parties any information that reveals a personal health condition or personal health information.” GoodRx also promised users that it “rarely shares” personal health information with third parties, and when it does, it “ensures that these third parties are bound to comply with federal standards as to how to treat ‘medical data’ that is linked with your name, contact information and other personal identifiers.” In addition, GoodRx stated it would share users’ personal  information only for certain limited administrative functions – for example, “to provide services directly to users,” “to comply with the law or legal process,” “to act in an emergency to protect someone’s safety,” or “to handle customer requests.” To use a phrase we’ve had to repeat with troubling frequency in recent blog posts, that’s what the company promised, but the FTC says what GoodRx was doing behind the scenes contradicted those soothing assurances. According to the complaint, beginning in at least 2017, GoodRx broke its privacy promises by sharing information about users’ prescription meds, health conditions, and personal information – like contact information and personal identifiers – with some of the biggest names in digital advertising…”

Meta Was Scraping Sites for Years While Fighting the Practice

Yahoo Finance: “Meta is suing a company for collecting information from its platforms – Facebook and Instagram. It turns out that the social media company had earlier partnered with the same firm — Bright Data — to gather data from other websites. This came to light during the ongoing case filed on January 6 in… Continue Reading

Get your email privacy in order with these free must-use tools

PC World: “In the grand scheme of potential privacy concerns, email privacy is perhaps the most personal. Getting unwanted messages in your inbox can feel like a major breach of trust, and knowing senders can see a record of everything you’ve opened and clicked can feel downright creepy. That’s why it’s worth getting familiar with… Continue Reading

How to Automatically Delete Cookies in Chrome, Firefox, and Edge

Make Use Of: “Cookies are browsing data sent by websites for your browser to store. Such data is kept for saving site browsing preferences, login details, and ad-targeting purposes. Tracking cookies are the ones for which the EU has established cookie-permission website legislation. However, tracking cookies remain less regulated in the USA. Some users prefer… Continue Reading

Justice Department Sues Google for Monopolizing Digital Advertising Technologies

“Today, the Justice Department, along with the Attorneys General of California, Colorado, Connecticut, New Jersey, New York, Rhode Island, Tennessee, and Virginia, filed a civil antitrust suit against Google for monopolizing multiple digital advertising technology products in violation of Sections 1 and 2 of the Sherman Act. Filed in the U.S. District Court for the… Continue Reading

Amazon launches RxPass

TechCrunch: “Amazon launches RxPass, a $5/month Prime add-on for all-you-need generic drugs covering 80 conditions…Prime users in the U.S. can pay a monthly flat fee of $5 to get as many generic versions of medications as they need. Amazon said that initially the service will cover generic drugs for 80 common ailments — they include,… Continue Reading

The 5 Best Sites to Find Cruelty-Free Brands

MakeUseOf: “As animal rights gain greater traction, more people are seeking to make the switch to cruelty-free products. The term “cruelty-free” means that a company’s products are not tested on animals. However, finding cruelty-free products can still be a challenge. When you mention this preference, most retail staff tend to direct you to natural, clean,… Continue Reading

How Google’s Ad Business Funds Disinformation Around the World

Pro Publica: “In one instance, Google continued to place ads on a publication in Bosnia and Herzegovina for months after the U.S. government officially imposed sanctions on the site. Google stopped doing business with the site, which the U.S. Treasury Department described as the “personal media station” of a prominent Bosnian Serb separatist politician, only… Continue Reading